/// <summary>
/// Requests an application (app-only) token for the Office 365 Management API with the tenant,
/// client id and client secret supplied to the cmdlet, and writes the raw access token to the pipeline.
/// </summary>
/// <remarks>
/// The emitted value is a bearer credential: anything that captures pipeline output (transcripts, logs,
/// variables persisted to disk) captures a usable token, so callers must treat it as a secret.
/// The token endpoint is chosen from the Azure environment of the current PnP connection; a null
/// <c>CurrentConnection</c> therefore throws before any token request is made.
/// NOTE(review): if <c>AcquireApplicationToken</c> can return null on failure, the <c>.AccessToken</c>
/// access below surfaces as a NullReferenceException instead of a descriptive error — confirm against its implementation.
/// </remarks>
protected override void ExecuteCmdlet()
{
    WriteObject(
        OfficeManagementApiToken.AcquireApplicationToken(
            TenantId,
            ClientId,
            ClientSecret,
            PnPConnection.CurrentConnection.AzureEnvironment).AccessToken);
}
/// <summary>
/// Requests an application (app-only) token for the Office 365 Management API with the tenant,
/// client id and client secret supplied to the cmdlet, and writes the raw access token to the pipeline.
/// </summary>
/// <remarks>
/// The emitted value is a bearer credential: anything that captures pipeline output (transcripts, logs,
/// variables persisted to disk) captures a usable token, so callers must treat it as a secret.
/// No Azure environment is passed here, so the token endpoint is whatever <c>AcquireApplicationToken</c>
/// defaults to (not visible from this cmdlet).
/// NOTE(review): if <c>AcquireApplicationToken</c> can return null on failure, the <c>.AccessToken</c>
/// access below surfaces as a NullReferenceException instead of a descriptive error — confirm against its implementation.
/// </remarks>
protected override void ExecuteCmdlet()
{
    WriteObject(
        OfficeManagementApiToken.AcquireApplicationToken(TenantId, ClientId, ClientSecret).AccessToken);
}
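/// <summary>
/// Tries to get a token for the provided audience using whatever credentials this connection holds,
/// then verifies the token actually carries the requested roles/scopes.
/// </summary>
/// <remarks>
/// Credential precedence per audience is: device login (Graph only), then certificate, then client secret,
/// then the connection's scopes (interactive sign-in, or a username/password grant when a
/// <see cref="PSCredential"/> was supplied). Every acquisition uses <paramref name="azureEnvironment"/>
/// so all flows target the same cloud's token endpoint; none of the paths fall back to the connection's
/// <see cref="AzureEnvironment"/> property.
/// </remarks>
/// <param name="tokenAudience">Audience to try to get a token for</param>
/// <param name="azureEnvironment">Azure cloud (commercial, sovereign, ...) whose token endpoint is used for the request</param>
/// <param name="orRoles">The specific roles to request access to (i.e. Group.ReadWrite.All). Optional, will use default groups assigned to clientId if not specified.</param>
/// <param name="andRoles">Roles that must all be present on the token. Optional.</param>
/// <param name="tokenType">Kind of token (see <see cref="TokenType"/>) accepted by the validation; defaults to <see cref="TokenType.All"/></param>
/// <returns><see cref="GenericToken"/> for the audience or NULL if unable to retrieve a token for the audience on the current connection
/// (<see cref="TokenAudience.SharePointOnline"/> always yields NULL: it cannot be requested on demand)</returns>
/// <exception cref="PSSecurityException">The connection was made with scopes but none of them apply to the audience,
/// or a token was acquired but does not satisfy the requested roles</exception>
internal GenericToken TryGetToken(TokenAudience tokenAudience, AzureEnvironment azureEnvironment, string[] orRoles = null, string[] andRoles = null, TokenType tokenType = TokenType.All)
{
    GenericToken token = null;

    switch (tokenAudience)
    {
        case TokenAudience.MicrosoftGraph:
            if (ConnectionMethod == ConnectionMethod.DeviceLogin || ConnectionMethod == ConnectionMethod.GraphDeviceLogin)
            {
                // Office 365 Management API scopes are served by their own audience below; only the
                // remaining scopes are requested from Microsoft Graph.
                var graphScopes = ScopesNotForOfficeManagementApi(Scopes);
                token = GraphToken.AcquireApplicationTokenDeviceLogin(PnPConnection.PnPManagementShellClientId, graphScopes, DeviceLoginCallback(null, false), azureEnvironment);
            }
            else if (!string.IsNullOrEmpty(Tenant))
            {
                if (Certificate != null)
                {
                    token = GraphToken.AcquireApplicationToken(Tenant, ClientId, Certificate, azureEnvironment);
                }
                else if (ClientSecret != null)
                {
                    token = GraphToken.AcquireApplicationToken(Tenant, ClientId, ClientSecret, azureEnvironment);
                }
                else if (Scopes != null)
                {
                    var graphScopes = ScopesNotForOfficeManagementApi(Scopes);
                    if (graphScopes.Length == 0)
                    {
                        throw new PSSecurityException($"Access to {tokenAudience} failed because you did not connect with any permission scopes related to this service (for instance 'Group.Read.All').");
                    }

                    // With a PSCredential this is a username/password grant (presumably ROPC — confirm); such a
                    // grant cannot satisfy MFA or conditional-access policies, so interactive sign-in is preferred.
                    token = PSCredential == null
                        ? GraphToken.AcquireApplicationTokenInteractive(PnPManagementShellClientId, graphScopes, azureEnvironment)
                        : GraphToken.AcquireDelegatedTokenWithCredentials(PnPManagementShellClientId, graphScopes, PSCredential.UserName, PSCredential.Password, azureEnvironment);
                }
            }
            break;

        case TokenAudience.OfficeManagementApi:
            if (!string.IsNullOrEmpty(Tenant))
            {
                if (Certificate != null)
                {
                    token = OfficeManagementApiToken.AcquireApplicationToken(Tenant, ClientId, Certificate, azureEnvironment);
                }
                else if (ClientSecret != null)
                {
                    token = OfficeManagementApiToken.AcquireApplicationToken(Tenant, ClientId, ClientSecret, azureEnvironment);
                }
                else if (Scopes != null)
                {
                    // Only the scopes that belong to the Office 365 Management API are requested here.
                    var managementScopes = OfficeManagementApiScopesIn(Scopes);
                    if (managementScopes.Length == 0)
                    {
                        throw new PSSecurityException($"Access to {tokenAudience} failed because you did not connect with any permission scopes related to this service (for instance 'ServiceHealth.Read').");
                    }

                    // Same caveat as the Graph branch: a PSCredential means a password grant (presumably ROPC — confirm).
                    token = PSCredential == null
                        ? OfficeManagementApiToken.AcquireApplicationTokenInteractive(PnPManagementShellClientId, managementScopes, azureEnvironment)
                        : OfficeManagementApiToken.AcquireDelegatedTokenWithCredentials(PnPManagementShellClientId, managementScopes, PSCredential.UserName, PSCredential.Password, azureEnvironment);
                }
            }
            break;

        case TokenAudience.SharePointOnline:
            // This is not a token type we can request on demand
            return null;
    }

    if (token == null)
    {
        // No credential path applied (e.g. no tenant known on this connection) and no token was retrieved
        return null;
    }

    // Never hand back a token that lacks the permissions the caller asked for: the caller would otherwise
    // only discover the gap as an opaque 403 from the service.
    var validationResults = ValidateTokenForPermissions(token, tokenAudience, orRoles, andRoles, tokenType);
    if (!validationResults.valid)
    {
        throw new PSSecurityException($"Access to {tokenAudience} failed because the app registration {ClientId} in tenant {Tenant} is not granted {validationResults.message}");
    }
    return token;
}

/// <summary>
/// Scope names belonging to the Office 365 Management API: the <see cref="OfficeManagementApiPermission"/> enum
/// members with '_' rewritten as '.', so they compare against the dotted scope strings the connection was made with.
/// </summary>
private static string[] OfficeManagementApiScopeNames() =>
    Enum.GetNames(typeof(OfficeManagementApiPermission)).Select(s => s.Replace("_", ".")).ToArray();

/// <summary>
/// The subset of <paramref name="scopes"/> that belongs to the Office 365 Management API (order of the enum preserved).
/// Throws <see cref="ArgumentNullException"/> when <paramref name="scopes"/> is null.
/// </summary>
private static string[] OfficeManagementApiScopesIn(string[] scopes) =>
    OfficeManagementApiScopeNames().Intersect(scopes).ToArray();

/// <summary>
/// <paramref name="scopes"/> with the Office 365 Management API scopes removed, i.e. the scopes to request from Microsoft Graph.
/// Throws <see cref="ArgumentNullException"/> when <paramref name="scopes"/> is null.
/// </summary>
private static string[] ScopesNotForOfficeManagementApi(string[] scopes) =>
    scopes.Except(OfficeManagementApiScopesIn(scopes)).ToArray();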
/// <summary>
/// Tries to get a token for the provided audience using the credentials held by this connection, then
/// verifies the token carries the requested roles. No caching happens here: each call performs a fresh acquisition.
/// </summary>
/// <remarks>
/// Credential precedence: device login (Graph only), then certificate, then client secret, then — for Graph only —
/// the connection's scopes (interactive sign-in, or a username/password grant when a <see cref="PSCredential"/>
/// was supplied; presumably ROPC — confirm — which cannot satisfy MFA or conditional-access policies).
/// </remarks>
/// <param name="tokenAudience">Audience to try to get a token for</param>
/// <param name="orRoles">The specific roles to request access to (i.e. Group.ReadWrite.All). Optional, will use default groups assigned to clientId if not specified.</param>
/// <param name="andRoles">Roles that must all be present on the token. Optional.</param>
/// <param name="tokenType">Kind of token accepted by the validation; defaults to <see cref="TokenType.All"/></param>
/// <returns><see cref="GenericToken"/> for the audience or NULL if unable to retrieve a token for the audience on the current connection
/// (<see cref="TokenAudience.SharePointOnline"/> always yields NULL: it cannot be requested on demand)</returns>
/// <exception cref="PSSecurityException">A token was acquired but does not satisfy the requested roles</exception>
internal GenericToken TryGetToken(TokenAudience tokenAudience, string[] orRoles = null, string[] andRoles = null, TokenType tokenType = TokenType.All)
{
    // This is not a token type we can request on demand
    if (tokenAudience == TokenAudience.SharePointOnline)
    {
        return null;
    }

    GenericToken acquired = null;
    if (tokenAudience == TokenAudience.MicrosoftGraph)
    {
        acquired = AcquireGraph();
    }
    else if (tokenAudience == TokenAudience.OfficeManagementApi)
    {
        acquired = AcquireOfficeManagementApi();
    }

    if (acquired == null)
    {
        // Didn't have a token yet and unable to retrieve one
        return null;
    }

    // Refuse to hand back a token that lacks the permissions the caller asked for
    var check = ValidateTokenForPermissions(acquired, tokenAudience, orRoles, andRoles, tokenType);
    if (!check.valid)
    {
        throw new PSSecurityException($"Access to {tokenAudience} failed because the app registration {ClientId} in tenant {Tenant} is not granted {check.message}");
    }
    return acquired;

    // Microsoft Graph: device login first, otherwise app credentials, otherwise scope-based delegated sign-in.
    GenericToken AcquireGraph()
    {
        if (ConnectionMethod == ConnectionMethod.DeviceLogin || ConnectionMethod == ConnectionMethod.GraphDeviceLogin)
        {
            return GraphToken.AcquireApplicationTokenDeviceLogin(PnPConnection.DeviceLoginClientId, Scopes, DeviceLoginCallback(null, false));
        }
        if (string.IsNullOrEmpty(Tenant))
        {
            return null;
        }
        if (Certificate != null)
        {
            return GraphToken.AcquireApplicationToken(Tenant, ClientId, Certificate);
        }
        if (ClientSecret != null)
        {
            return GraphToken.AcquireApplicationToken(Tenant, ClientId, ClientSecret);
        }
        if (Scopes == null)
        {
            return null;
        }
        return PSCredential == null
            ? GraphToken.AcquireApplicationTokenInteractive(DeviceLoginClientId, Scopes)
            : GraphToken.AcquireDelegatedTokenWithCredentials(DeviceLoginClientId, Scopes, PSCredential.UserName, PSCredential.Password);
    }

    // Office 365 Management API: app credentials only; no scope-based path exists for this audience here.
    GenericToken AcquireOfficeManagementApi()
    {
        if (string.IsNullOrEmpty(Tenant))
        {
            return null;
        }
        if (Certificate != null)
        {
            return OfficeManagementApiToken.AcquireApplicationToken(Tenant, ClientId, Certificate);
        }
        if (ClientSecret != null)
        {
            return OfficeManagementApiToken.AcquireApplicationToken(Tenant, ClientId, ClientSecret);
        }
        return null;
    }
}